fix sudo to work with all shells / environments

README.md

@@ -462,10 +462,10 @@ will be executed is "root". This can be changed by passing
 `user: "name"` with the second argument:
 
 ```javascript
-// will run: sudo -u root -i bash -c 'Hello world'
+// will run: echo 'echo Hello world' | sudo -u root -i bash
 transport.sudo('echo Hello world');
 
-// will run sudo -u www -i bash -c 'Hello world'
+// will run echo 'echo Hello world' | sudo -u www -i bash
 transport.sudo('echo Hello world', {user: 'www'});
 
 // further options passed (see `exec()`)

lib/transport/index.js

@@ -7,7 +7,7 @@ var format = require('util').format
   , errors = require('../errors')
   , commands = require('./commands')
   , queue = require('../utils/queue')
-  , escapeQuotes = require('../utils').escapeQuotes;
+  , escapeSingleQuotes = require('../utils').escapeSingleQuotes;
 
 /**
  * A transport is the interface you use during flights. Basically they
@@ -148,10 +148,10 @@ Transport.prototype.exec = function(command, options) {
  * `user: "name"` with the second argument:
  *
  * ```javascript
- * // will run: sudo -u root -i bash -c 'Hello world'
+ * // will run: echo 'echo Hello world' | sudo -u root -i bash
  * transport.sudo('echo Hello world');
  *
- * // will run sudo -u www -i bash -c 'Hello world'
+ * // will run echo 'echo Hello world' | sudo -u www -i bash
  * transport.sudo('echo Hello world', {user: 'www'});
  *
  * // further options passed (see `exec()`)
@@ -190,8 +190,8 @@ Transport.prototype.sudo = function(command, options) {
   var user = options.user || 'root';
 
   command = format('%s%s', this._execWith, command);
-  command = escapeQuotes(command);
-  command = format("sudo -u %s -i bash -c \"'%s'\"", user, command);
+  command = escapeSingleQuotes(command);
+  command = format("echo '%s' | sudo -u %s -i bash", command, user);
 
   return this._exec(command, options);
 };

lib/utils/index.js

@@ -17,13 +17,10 @@ exports.writeTempFile = function(str) {
   return fullpath;
 };
 
-exports.escapeQuotes = function(str) {
+exports.escapeSingleQuotes = function(str) {
   if(!str) {
     return str;
   }
 
-  str = str.replace(/"/g, '\\"');
-  str = str.replace(/'/g, "'\\''");
-
-  return str;
+  return str.replace(/'/g, "'\\''");
 };

test/test.transport.js

@@ -97,7 +97,7 @@ describe('transport', function() {
 
       expect(transport._exec.calledOnce).to.be.true;
       expect(transport._exec.lastCall.args).to.deep.equal([
-        "sudo -u root -i bash -c \"''\"",
+        "echo '' | sudo -u root -i bash",
         {}
       ]);
     });
@@ -108,12 +108,12 @@ describe('transport', function() {
       transport.sudo('printf "hello world"');
 
       expect(transport._exec.lastCall.args[0])
-        .to.equal("sudo -u root -i bash -c \"\'printf \\\"hello world\\\"\'\"");
+        .to.equal("echo 'printf \"hello world\"' | sudo -u root -i bash");
 
       transport.sudo("printf 'hello world'");
 
       expect(transport._exec.lastCall.args[0])
-        .to.equal("sudo -u root -i bash -c \"'printf '\\''hello world'\\'''\"");
+        .to.equal("echo 'printf '\\''hello world'\\''' | sudo -u root -i bash");
     });
 
     it('should pass options to #_exec()', function() {
@@ -129,7 +129,7 @@ describe('transport', function() {
 
       transport.sudo('cmd', { user: 'not-root' });
 
-      expect(transport._exec.lastCall.args[0]).to.equal("sudo -u not-root -i bash -c \"'cmd'\"");
+      expect(transport._exec.lastCall.args[0]).to.equal("echo 'cmd' | sudo -u not-root -i bash");
     });
   });
 

test/test.utils.js

@@ -37,15 +37,14 @@ describe('utils', function() {
     });
   });
 
-  describe('#escapeQuotes()', function() {
+  describe('#escapeSingleQuotes()', function() {
     it('should correctly escape single quotes', function() {
-      var escapeQuotes = proxyquire('../lib/utils', {}).escapeQuotes;
+      var escapeSingleQuotes = proxyquire('../lib/utils', {}).escapeSingleQuotes;
 
-      expect(escapeQuotes("'string'")).to.equal("'\\''string'\\''");
-      expect(escapeQuotes('"string"')).to.equal('\\"string\\"');
-      expect(escapeQuotes("\\'string\\'")).to.equal("\\'\\''string\\'\\''");
-      expect(escapeQuotes('')).to.equal('');
-      expect(escapeQuotes()).to.be.undefined;
+      expect(escapeSingleQuotes("'string'")).to.equal("'\\''string'\\''");
+      expect(escapeSingleQuotes("\\'string\\'")).to.equal("\\'\\''string\\'\\''");
+      expect(escapeSingleQuotes('')).to.equal('');
+      expect(escapeSingleQuotes()).to.be.undefined;
     });
   });